Monday, November 18, 2013

Biometric Scanning On Your i-Phone But Not at Your Local Hospital

So - you got a nice new i-Phone 5 equipped with that neat biometric scanner!  You can scan your finger tips, your nose, your toes, even your nipple will work to identify you to your new cell phone.  That is really cool.  You can even have your i-Phone open up to your spouse or significant other by scanning their appendages too.  Isn't it great how science betters our lives?

Why don't hospitals employ this now commonly available method for human identification in Emergency rooms and admitting offices?  I sure don't know why?  With the risks of health care fraud so great in today's dangerous world why would a hospital not employ this method to identify visiting patients? Let's explore the science of biometric scanning, how it works, and why this technology should be mainstream but is not.

My first exposure to biometric scanning was at the GA DDS - Dept.of Driver Services office when I applied for a drivers license in GA.  My finger was scanned at the office then I was issued my drivers license.  My next encounter with a biometric scanner was with my wife' Leslie of Leslie Loves Veggies new i-Phone 5.  Now it is all the rage on that new Apple device.  No more remembering a pass code to open your phone.  Just swipe your finger, her finger, or my finger!  But, biometric scanning is not new.  The use of biometric scanning has been employed to identify humans and our pets for many years although identifying pets requires a chip implanted under the skin.  That is a big no-no for civilized humans.  However, humans have excellent physical traits that are perfect for biometric scanning such as finger print, vein recognition, eye recognition, palm scanning, on and on.  You name a part and it can identify quickly and noninvasively.  Biometric scanners for the finger or palm read the patterns in the skin and/or veins then archive the image in a database tied to your identity.  This method of identification is used all over the globe to open doors for employees, open safes for the rich, identify the sick at the hospital and the not so nice folks at the jail.

There is one country across the globe that uses biometric scanning practices to identify its population; India.  As of 2013 nearly 600 million people in that huge country have been identified in the largest database of its kind.  Countries such as Australia, Brazil, and Germany all use biometric scanning to identify its population to some degree.  So what is biometric scanning for the identification purpose?  It is the use of a scanning device capable of capturing distinctive attributes or traits selectively identifying a human being, storing those captured attributes in a database, with capability of matching scanned attributes to match identities.  Biometric scanning can use finger print, palm print, vein recognition, facial recognition, or iris scan.  The first time identity is established with biometric scanning methods is called "enrollment".  Identity is confirmed thereafter with verification which matches a scan against database knowledge to confirm identity.  Simple right?  Well not exactly.  Finger prints wear out, iris characteristics change, faces change and that can produce false reads or naive reads. With the development of more sophisticated multi modal systems false read rates can be eliminated.

So why if this technology is widely available, easy to use, and is non-invasive do so many health care facilities not use biometric scanning to identify patients?  Health care can be administered safely and accurately if we properly identified patients?  EHR or Electronic Health Record is so important to keep accurate but is so easy to become compromised, stolen, or abused.  Your EHR is worth hundreds of thousands dollars to the criminal element. Defrauding a hospital Emergency Room is not hard.  Hijacking your medical record and financial health information is not that much more difficult.  The only way to stop medical fraud is by positively identifying the patient.  So here is an example.  You have health insurance but your brother does not and he needs some acute treatment, maybe some stitches for a laceration or he needs antibiotics for a festering skin lesion right?  So he goes to the hospital that you have gone before recently.  He walks in with no ID but says he is Mr. SO&So Smith.  He arms his memory with his brothers SS# and some other background info such as his employment, address, telephone number.  Bingo! He looks like his brother, almost the same age, ba-da-bing he now is the brother.  Wam-Bam out the door discharged with treatment covered by his brothers insurance or worse Medicaid/Medicare. Don't think it happens?  I have a bridge at the western tip of Long Island for sale.  It is a steal at One Million Dollars - yeah that's the ticket....

Anyway, that is just one way how hospitals, doctors offices, clinics, and pharmacies are defrauded by health record hijacking and identity abuse.  The only way to stop it is by positively identifying the patient.  Estimates are as high as 28$ million per hour for health care fraud and abuse in the United States.  The FBI is in charge of investigating Health Care Fraud and has tips on prevention .  Their investigations in 2010 totaled up to $80 billion dollars in health care fraud.  The FBI has a long mugshot list [Mug Shots]of individuals wanted for Conspiracy to Commit Health Care Fraud.  With government health care spending poised to balloon into $Trillions per year the criminal element is just salivating at the chance to hijack your health record and set up criminal operations like none seen before.

Here is an example of how you can be a victim of Medical Identity Error resulting in financial harm. Suppose you are sick and go to the hospital for treatment.  You have been there before and you trust the care you will get.  The patient registration person gathers your identification and then finds you in the hospital database.  Your name is Jim or Jane Smith.  You know how many J. Smiths are in any given hospital database?  Well, your visit at the ER is matched up to J Smith alright, except he is James Smith, who is HIV +  and owes the hospital thousands of dollars in bad debt and unpaid bills.  Bingo, you now own James Smith' medical bills and a disease that is mandated to be reported.

Up till now I have just been talking about the financial risks associated with health care fraud deliberately perpetrated by criminals for financial gain or by error.  What about the "Medical Errors" that occur across this country on a daily basis?  Errors you say?  There are errors in health care?  Why yes. According to the American Association For Justice preventable deaths from medical errors average 98,000 deaths per year.  An error starting with patient identification can be deadly!
 Here is another example; Suppose your wife is ill and you take her to the ER.  She has been there before, they have a record of her because she is diabetic, and also highly allergic to certain preparations of insulin. The staff identify her and but register her under a medical record one number off of her true medical record number because of a data entry typo error on the keyboard.  In the ER she gets real bad and goes into Diabetic coma.  The doctor gives insulin but now your wife goes into anaphylactic shock because it is the wrong insulin. A few short minutes go by and your wife is in ICU, nearly dead, clinging onto life.  Hours go by and you think she is ok for the night so you go home for some rest.  Your awakened by hospital staff in the early hours to come to the hospital without any further explanation...

These are just a  few scenarios that could happen because of patient mis-identification.  Hospitals have a process whereby duplicate medical records are reconciled into one.  Sometimes when you visit a hospital ER the computer system is down for some reason so all patients are registered on paper record which is then entered into the computer database systems later.  You will be given a temporary medical record number until your visit can be reconciled to you historical records. This is called "MRN Merging". Not so bad if you truly do have a duplicate EHR and the two are merged together.  But what if the merge is incorrect?  Catastrophic consequences can be produced in some cases.  Your blood type can be changed, you can suddenly acquire a disease you never had before, or you can unexpectedly own debt that is not yours or your insurance company' responsibility.

So why do health care facilities not want to positively identify their patients?  There are less than 300 hospital facilities in the United States that employ biometric scanning to correctly identify their patients?  They may have the most expensive and sophisticated equipment on hand but will ask you who you are to identify yourself.  If you have picture ID use it but some people show up at the ER without ID.  The reasons why health care facilities do not use biometric scanning are:
  • $$$Expense - Biometric scanning Systems and the database management tools used to identify patients and relate this data to EHR is expensive.  Probably the most common reason this technology has not been adopted to main-stream health care practices.
  • Abuse of such databases has great financial enticement - the sale of such biometric identification data is a lucrative proposition for those who will have access.  However, the penalties for sharing PHI - Protected Health Information are steep and can include jail time for those found guilty of Health Care Fraud Conspiracy.
  • Civil Rights activists and privacy proponents hate anything that positively identify the population and store such identification in databases.

Well then, it is a two way street.  Maintain privacy but then risk acquiring the medical record of someone else.  Raise the level of health care safety at the expense of losing anonymity?

I would much rather be positively identified when it comes to serious medical treatment like surgery, pharmaceuticals, or transfusions than be mis-identified or have my medical record abused for financial gain by someone else.

What can you do to protect yourself..
  1. When you visit your doctor or most importantly a hospital make note of your MRN.  Next time you go back compare that number to any new registrations or visits to make sure the registration process identifies you properly.
  2. Carefully monitor EOB- Explanation of Benefits that you receive in the mail.  Report any inconsistencies to the hospital , insurance company, medicare (CMS), or your doctor.
  3. Carefully monitor your bank statements and credit card statements for any suspicious  or unknown healthcare charges and take action immediately if anything suspicious shows on a statement.
  4. Never give any personal information about yourself over the phone.  A "scammer" might get a hold of your name and phone number to call you asking about your last visit to a health care facility as a Customer Service Survey.  Hoping to gain additional information; you may be asked for this information directly on the call or purposely asked to verify incorrect info so that you can "Correct the Records".
  5. If you have a choice of hospitals to go to and one uses biometric scanning and one does not, go to the one with biometric scanning.  Tell the staff you came because they can positively identify you.
  6. Call your local hospital and request they start using biometric scanning for identification and that would make you more confident making a visit.

Good luck my friends.  Its a dangerous Health Care World out there.

Scott R. Mayorga A.A.S., BS MT(ASCP)H CLS

For more information on health care fraud  and biometric scanning click the links below.
Stop Medicare Fraud
Report Fraud-Get Reward
HC Fraud Examples via IRS
What is health care fraud?
Medical Biometric Scanning
Biometric Scanning Technology

No comments:

ShareThis Post!